Security chief: Germany must go on cybersecurity offensive

Germany should have the capabilities to initiate counterstrikes on foreign states that launch cyberattacks against it, the country's domestic security agency chief said.

"We cannot only operate defensively," Hans-Georg Maaβen, head of the Bundesamt für Verfassungsschutz (BfV), told Deutschen Presse-Agentur Tuesday. "We must also be in a position to attack an enemy and stop them from carrying out further attacks on us."

Maaβen did not rule out the possibility that upcoming federal elections could see "foreign efforts to influence the result."

The security chief's statement echoes Interior Minister Thomas de Maizière's previous comments on cyberattacks. In proposals to reform the country's security architecture, he said: "When we have identified the origin of the cyberattack, we also need to be able to actively fight back."

BfV currently lacks the legal backing to delete hacked data, increasing the risk that third parties gain access to sensitive material, Maaβen said. He called for clear provisions allowing BfV to switch off infrastructure that poses a clear threat to cybersecurity.

BfV registered a "spectacular rise" in spear-phishing attacks, where hackers send emails that appear to be from an individual or business known to the target, against parties and parliamentary groups in the past months. The security agency attributes the attacks to APT28, the group linked to pre-election attacks on the Democratic Party in the U.S.